openssh random local port forwarding

you can't forward a random local port with stock openssh. forwarding a random local port with -L is useful when the option is used inside batched maintenance tasks (and not only there; for some, pure randomness just makes geeks feel secure). the "random local port forwarding" job seems to be half done in the original openssh (openbsd) source tree, and the ubuntu folks added one more unneeded (dummy?) test in mux.c. I wrote a patch to solve this problem.

the original ssh client:

ssh -L 127.0.0.1:0:127.0.0.1:3000 mailgw
Bad local forwarding specification '127.0.0.1:0:127.0.0.1:3000'

the patched ssh client:

./ssh -L 127.0.0.1:0:127.0.0.1:3000 mailgw
Last login: Wed Jan 19 16:00:40 2011 from 
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994

the result:

tcp        0      0 127.0.0.1:38412         0.0.0.0:*               LISTEN      15010/ssh

note the "0" port specification in the fwd arg.


here is a link to the patch, generated against the ubuntu openssh 5.5p1 source package. the same patch can easily be rewritten for the original openssh (openbsd) source tree if the mux.c diff is ignored (there is no unneeded test from the bsd guys).

a few notes:
1. getting the next available port with a script and feeding it to the ssh args immediately afterwards does not guarantee at all that the port will still be available when ssh binds to it
2. how are you going to find out which port was used? see above
3. I failed to understand this:
if (fwd->listen_port < 0 || (!remotefwd && fwd->listen_port == 0))
why should random listen ports be allowed for remote forwards (-R) and not for local / dynamic forwards? it just doesn't make any sense.
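the mechanism a "-L ...:0:..." implementation needs, and the answer to notes 1 and 2 above, is to bind port 0 and ask the kernel which port it picked with getsockname(): the kernel allocates the port atomically at bind time, so there is no pick-then-bind race, and the chosen port can be reported instead of dug out of netstat. this is an added illustration, not the patch and not openssh code; the helper name listen_random_port is hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: bind a listening TCP socket on `addr` with port 0 so the
 * kernel picks a free ephemeral port atomically, then read the port back with
 * getsockname(). Returns the listening fd (or -1 on error) and writes the
 * allocated port to *port_out. */
int listen_random_port(const char *addr, int *port_out)
{
    struct sockaddr_in sin;
    socklen_t len = sizeof(sin);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = htons(0);               /* 0 = let the kernel choose */
    if (inet_pton(AF_INET, addr, &sin.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0 ||
        listen(fd, 1) < 0 ||
        /* the socket is already bound: this is the port we actually hold */
        getsockname(fd, (struct sockaddr *)&sin, &len) < 0) {
        close(fd);
        return -1;
    }
    *port_out = ntohs(sin.sin_port);
    return fd;
}

int main(void)
{
    int port;
    int fd = listen_random_port("127.0.0.1", &port);
    if (fd < 0) {
        perror("listen_random_port");
        return 1;
    }
    /* an ssh client doing this would print the port here, so a batch job can use it */
    printf("listening on 127.0.0.1:%d\n", port);
    close(fd);
    return 0;
}
```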

